EFFECTIVE DATE: September 1, 2017
The structure has been updated to clarify the data collected from survey respondents, and the policy has been refined according to the latest additions to GDPR: February 3rd, 2021
For the purposes of this policy, Lumoa defines the terms:
- “Client” as a business with which Lumoa has an established relationship
- “Customer” as a customer of a Lumoa client
- “Respondent” as an individual who responds to Lumoa surveys
- “Website user” as a person who accesses the Lumoa website
DATA LUMOA COLLECTS FROM DIFFERENT GROUPS OF USERS
Lumoa does not receive, use or collect personally identifiable information, such as names, addresses, phone numbers and e-mail addresses, except under the following circumstances:
WEBSITE USERS (LUMOA AS A DATA CONTROLLER)
Newsletter and other marketing materials requiring subscription
When you sign up for our regular newsletter, we shall send you newsletter(s) or communications regarding products which may be of interest to you. If you no longer wish to receive these communications you can follow the unsubscribe instructions contained in each of the email communications you receive.
Social Media Features
Our Website offers publicly accessible blogs with a comment section. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them.
When a website user goes to www.lumoa.me to request a demonstration of a Lumoa service, he or she must provide personal contact details and potentially some other information. Lumoa also collects some marketing contact information such as name and email address through third parties. This information is used for marketing purposes only.
We may display anonymously personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name.
Communicating with you and marketing
We may process and use your personal data to communicate with you, for example, to provide information relating to our products and/or services you are using or to contact you for customer satisfaction queries. We may process and use your personal data for marketing. Marketing purposes may include using your personal data for personalized marketing or research purposes in accordance with applicable laws, for example, to conduct market research and to communicate our products, services or promotions to you via our own or third parties’ electronic or other services.
We may process and use your personal data for profiling for such purposes as targeted direct marketing and improvement of our products or services. We may also create aggregate and statistical information based on your personal data. Profiling includes automated processing of your personal data for evaluating, analyzing or predicting your personal preferences or interests in order to, for example, send you marketing messages concerning products or services best suitable for you.
Lumoa may use so-called web beacons (or “pixel tags”) in connection with some websites. However, we do not use them to identify individual users personally. Web beacons are typically graphic images that are placed on a website and they are used to count visitors to a website and/or to access certain cookies. This information is used to improve our services.
Web beacons do not typically collect any other information than what your browser provides us with as a standard part of any internet communication. If you turn off cookies, the web beacon will no longer be able to track your specific activity. The web beacon may, however, continue to collect information of visits from your IP-address, but such information will no longer be personally identifiable.
You may at any time object to your personal data being processed for direct marketing purposes, sending promotional materials, profiling, or for the performance of market research. Further, where your personal data is processed based on your consent, you have the right to withdraw your consent for such processing at any time.
In case you wish to make use of your rights mentioned above, you may, as appropriate and in accordance with applicable laws, exercise such rights by contacting us through the contact points referred to in the marketing materials or below in this Policy.
CLIENTS (LUMOA AS A DATA PROCESSOR)
Processor may have access to or otherwise process Customer Personal Data under the Agreement for the purpose of providing the Services to Customer. Processing in this document refers to Processor’s access to and analysis of Customer Personal Data provided by Customer in connection with the provision of the Services.
Data subjects are Customer’s customers, employees and other individuals, whose personal data Customer has provided to Processor in connection with the provision of the Services.
Categories of Customer Personal Data contain customer feedback, employee feedback as well as technical data on employees who use the Services. Processor may also process other categories of Customer Personal Data when such is included in the Customer Personal Data provided to Processor as part of the Services.
The Parties shall process Customer Personal Data in accordance with EU Data Protection Laws.
Processor shall ensure that personnel with access to Customer Personal Data are subject to a confidentiality obligation.
Processor shall take reasonable steps to ensure the reliability of its employees and Subprocessors who may have access to Customer Personal Data, ensuring that access to Customer Personal Data is limited to those individuals who need to know or access the relevant Customer Personal Data, as necessary for the purposes of the Agreement.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to the Customer Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
The agreement between Lumoa and client determines the data retention policies.
For all clients, we provide an opportunity to sign a Data Processing Agreement with us. To receive the Agreement template, please contact email@example.com
CLIENTS (LUMOA AS A DATA CONTROLLER)
Provision of products and services
We may process and use your personal data to provide you the product or service you have requested, fulfill your other requests, process your order or as otherwise may be necessary to perform or enforce the contract between you, your employer organization and Lumoa. We may also process and use your personal data to ensure the functionality and security of our products and services, to identify you, and to prevent and detect fraud and other misuses.
Development of products and services
We mostly use aggregate and statistical information in the development of our products and services, and not data directly identifiable to you. If you are providing feedback on our product and services either using digital channels such as chat or email or through a direct communication with a Lumoa employee or representative, that feedback may be assigned with your name to our product development system.
Communicating with you and marketing
We may process and use your personal data to personalize our product related communications and to provide you with tips and recommendations on, for example, how to use the service, new features of our service or third party services closely related to our service. We may also use personal data to contact you for customer satisfaction queries.
RESPONDENTS (LUMOA AS A DATA PROCESSOR)
Lumoa surveys respondents on behalf of its clients. Typically respondents are customers of Lumoa’s client or employees of Lumoa’s client. In the surveying process, Lumoa may receive customers’ personally identifiable information either as part of the survey response or directly from its clients. This personally identifiable information is only used for the purposes specified in the written agreement between Lumoa and client and the data is always owned by the client. Lumoa never sells personally identifiable information to a third party.
Lumoa may, with the written consent of its clients, use the responses without personally identifiable information in an aggregated format for purposes defined in the agreement, most typically for product development purposes and other business purposes.
When collecting data from survey respondents, Lumoa does not seek to collect any sensitive information such as social security numbers or health information. Lumoa does not seek to collect any information from or engage in any transactions with persons under the legal age in their respective country.
Where consent from you to the processing of personal data is required under the applicable law, such consent will be obtained by an appropriate mechanism such as ticking a box stating your consent, choosing technical settings for a service or website, or other statement or conduct clearly indicating your acceptance to the processing, depending on the product, website, service or application you are using.
Lumoa is not in the business of selling or renting personally identifiable information gathered on its website or in the course of client work to third parties. Lumoa shares information with third parties, such as its clients, only as described in this policy or as described at the time information is collected. For example, Lumoa may, at the request of a client, ask you for your email address so a client can follow up with you about your responses to a survey. The provision of such information is typically voluntary, and at all times participation in a survey is voluntary.
We will retain your information for as long as needed to provide services to our clients. After the contract with the client ends, the data will be deleted as agreed in the Agreement between client and Lumoa. We will retain the information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Lumoa collects information under the direction of its Clients, and has no direct relationship with their respondents whose personal data it processes.
We collect information for our clients. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the client that you interact with directly.
An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to Lumoa’s Client (the data controller). If the Client requests Lumoa to remove the data, we will respond to their request within a reasonable timeframe.
Lumoa implements appropriate technical and organizational security measures to prevent and minimize risks associated with providing and processing personal data.
Such security measures include, where appropriate, the use of firewalls, secure server facilities, encryption, implementing proper access rights management systems and processes, careful selection of processors, sufficient training of personnel involved in the processing, and other necessary measures to provide appropriate protection for your personal data against unauthorized use or disclosure. Where appropriate, we may also take back-up copies and use other such means to prevent accidental damage or destruction of your personal data. All traffic is encrypted using Secure Sockets Layer technology (SSL) or other encrypted tunnels.
We restrict access to personal information only to authorized personnel, contractors and agents who need to know that information in order to operate, develop or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
Transfers of personal data
We may disclose your personal data to third parties solely as stated below in this Policy, or as obligated by mandatory law.
Our products and services are provided using resources and servers located inside the European Union. If we need to transfer your data outside of the EU, we take steps to ensure that adequate protection for your personal data is provided as required by applicable laws. For international transfers of your personal data, we generally rely on agreements that are based on the Standard Contractual Clauses (“SCCs”) of the European Commission.
From time to time, Lumoa may contract with third parties to perform functions necessary for its research operations and, under the terms of those contracts, may transfer data to those third parties. Lumoa requires any such third party to maintain confidentiality of such data. We use other third parties such as an email service provider to send out emails on our behalf. When you sign up for our services, we will share your personal information only as necessary for the third party to provide that service. We also use third parties to assist us in selling our services.
We may disclose and otherwise process your personal data in accordance with applicable laws to defend Lumoa’s legitimate interests, for example, in civil or criminal legal proceedings.
Mergers and Acquisitions
If we decide to sell, buy, merge or otherwise reorganize our business, this may involve us disclosing personal data to prospective or actual purchasers and their advisers, or receiving personal data from sellers and their advisers, for the purposes of such transactions.
COMPLAINT TO THE SUPERVISORY AUTHORITY
In the event you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws or that Lumoa has not sufficiently ensured the realization of your rights, you may lodge a complaint with the local supervisory authority responsible for data protection matters.
NOTIFICATION OF CHANGES
ACCESSING AND UPDATING PERSONAL INFORMATION
You may access, review, correct, update, change or delete your personal information at any time. To do so, please contact us at firstname.lastname@example.org with your name and the information requested to be accessed, corrected or removed.
Data Subject Rights
You can access, rectify, erase, restrict or export your personal information at any time by emailing us at email@example.com. You can object to our processing of your personal information at any time. You can contact our Data Protection Officer with requests or concerns at firstname.lastname@example.org.
The data controller responsible for the purposes of the applicable data protection laws is:
Business ID: FI27917978